SoheilKhodayari/TheThing external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

SoheilKhodayari/TheThing

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SoheilKhodayari/TheThing)

Close

SoheilKhodayari / TheThingView on GitHubMore

• External links
• Readme badge

TheThing: an open-source tool to detect DOM Clobbering vulnerabilities

☆57Oct 25, 2023Updated 2 years ago

Alternatives and similar repositories for TheThing

Users that are interested in TheThing are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• SoheilKhodayari / DOMClobbering

  View on GitHub
  DOM Clobbering Wiki, Browser Testing, and Payload Generation
  ☆61Dec 18, 2025Updated 3 months ago
• SoheilKhodayari / JAW

  View on GitHub
  JAW: A Graph-based Security Analysis Framework for Client-side JavaScript
  ☆119Feb 13, 2026Updated last month
• SAP / project-foxhound

  View on GitHub
  A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozi…
  ☆165Feb 25, 2026Updated last month
• SoheilKhodayari / Basta-COSI

  View on GitHub
  A framework for the detection of COSI vulnerabilities / XS-Leaks
  ☆14Mar 29, 2023Updated 2 years ago
• jackfromeast / dom-clobbering-collection

  View on GitHub
  A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.
  ☆48Aug 31, 2025Updated 6 months ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• pixelindigo / yurascanner

  View on GitHub
  YuraScanner
  ☆73Feb 13, 2025Updated last year
• JorianWoltjer / nodejs-file-write-rce

  View on GitHub
  NodeJS File Write to RCE on a read-only filesystem using a ROP chain in libuv
  ☆38Oct 13, 2024Updated last year
• Slonser / hui

  View on GitHub
  HTML Universal Identifier
  ☆65Dec 15, 2024Updated last year
• testable-eu / sast-testability-patterns

  View on GitHub
  Testability Pattern Catalogs for SAST
  ☆34Feb 18, 2025Updated last year
• devanshbatham / getsan

  View on GitHub
  A utility to fetch and display dns names from the SSL/TLS cert data
  ☆16Aug 11, 2023Updated 2 years ago
• testable-eu / sast-tp-framework

  View on GitHub
  TP-Framework: Testability Pattern Framework for SAST
  ☆16May 10, 2024Updated last year
• oshp / oshp-stats

  View on GitHub
  Stats about HTTP response security headers usage mentioned by the OSHP.
  ☆17Jan 25, 2026Updated 2 months ago
• fcavallarin / burp-dom-scanner

  View on GitHub
  Burp Suite's extension to scan and crawl Single Page Applications
  ☆107Apr 14, 2023Updated 2 years ago
• ZeddYu / TLS-poison

  View on GitHub
  ☆17May 10, 2021Updated 4 years ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• u1f383 / writeup

  View on GitHub
  ctf writeup and log
  ☆48Nov 30, 2024Updated last year
• surviveRuins / css-scrollbar-attack

  View on GitHub
  PoC for leaking text nodes via CSS injection
  ☆25Jul 27, 2024Updated last year
• EkiXu / marshalexp

  View on GitHub
  ☆23Jan 2, 2023Updated 3 years ago
• engn33r / awesome-redos-security

  View on GitHub
  List of RegEx DoS (ReDoS) CVEs and resources
  ☆29Feb 6, 2023Updated 3 years ago
• itsmenaga / Nuclei-Templates-All

  View on GitHub
  ☆29May 22, 2024Updated last year
• ElectrovoltSec / HackBench

  View on GitHub
  How effective are LLMs in identifying and exploiting security vulnerabilities?
  ☆69Feb 28, 2025Updated last year
• Hacking-Notes / ClickMe

  View on GitHub
  Clickme is a powerful multi-step clickjacking tool designed for security professionals. Create, visualize, and demonstrate complex clickj…
  ☆14Sep 4, 2025Updated 6 months ago
• caioluders / LostAndFound

  View on GitHub
  ☆30Mar 12, 2026Updated 2 weeks ago
• doyensec / malicious-devfile-registry

  View on GitHub
  Exploit for CVE-2024-0402 in Gitlab
  ☆15Mar 18, 2025Updated last year
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• KTH-LangSec / server-side-prototype-pollution

  View on GitHub
  A collection of Server-Side Prototype Pollution gadgets and exploits
  ☆228Feb 6, 2025Updated last year
• ssl / shortboost

  View on GitHub
  Unicode characters that will translate a single character to multiple characters in domain names or TLD's
  ☆50Nov 23, 2024Updated last year
• LLMs-Sec / Awesome-LLM4Security

  View on GitHub
  Awesome LLM for Cybersecurity
  ☆12Nov 16, 2024Updated last year
• kevin-mizu / domloggerpp

  View on GitHub
  A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
  ☆779Dec 9, 2025Updated 3 months ago
• doyensec / Unsafe-Unpacking

  View on GitHub
  Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide
  ☆43Dec 16, 2024Updated last year
• bjornhels / CVE-2025-30065

  View on GitHub
  PoC
  ☆12Apr 7, 2025Updated 11 months ago
• zb3 / getfrontend

  View on GitHub
  Get and extract the frontend code of a SPA, finding all chunks and recreating the original code from source maps. Should support common w…
  ☆50Jul 23, 2025Updated 8 months ago
• Song-Li / ObjLupAnsys

  View on GitHub
  ObjLupAnsys is a tool to detect prototype pollution vulnerabilities in Node.js packages. This project is written in Python and JavaScript…
  ☆26Nov 30, 2021Updated 4 years ago
• kondukto-io / semgrep-rules

  View on GitHub
  Custom semgrep rules registry
  ☆14Aug 23, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• Iansus / DllProxy

  View on GitHub
  ☆17Jun 28, 2023Updated 2 years ago
• harisec / orange-confusion-attacks

  View on GitHub
  Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
  ☆21Aug 25, 2024Updated last year
• exploit-io / nuclei-fuzz-templates

  View on GitHub
  Gathering All Nuclei Fuzzing Templates in a Single Repo.
  ☆11Apr 23, 2024Updated last year
• Matir / pwnableweb-scoreboard

  View on GitHub
  Scoreboard for CTF Competitions
  ☆27Jul 19, 2016Updated 9 years ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,601Jan 27, 2024Updated 2 years ago
• Te-k / harpoontools

  View on GitHub
  CLI tools using Harpoon features
  ☆24Nov 7, 2023Updated 2 years ago
• 0xPugal / knoxsser

  View on GitHub
  A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
  ☆77Jan 24, 2025Updated last year